By Ashley Leonard, CEO and Founder of Syxsense, shortlisted for the Cloud Security Innovator of the Year category at The Cloud Security Awards 2023
According to the Ponemon Institute, 68 percent of organizations have experienced one or more endpoint attacks that compromised data and/or infrastructure, and over the last year, both the volume and complexity of these attacks have increased. As a result, organizations are being forced to adapt at a rapid and unprecedented pace.
Yet many organizations continue to struggle with endpoint security management due to the growing number and diversity of devices, operating systems, and applications, as well as quickly evolving practices around endpoint visibility, vulnerability patching, and remediation.
Altogether, it can be a challenge to manage and secure the interconnected network of endpoints effectively, and many organizations remain at a great disadvantage against adversaries. Endpoints are generally the gateway these attackers use to access company data. Leaving them unprotected exposes your organization to risk and potential attacks with major financial, reputational, and legal consequences. Overcoming these challenges requires a strong endpoint security strategy.
So how can security professionals defend their organizations against these increasingly sophisticated endpoint threats, while minimizing the impact on the business? It starts with adopting consistent approaches to protection. While the best way to achieve that protection is with continuous threat monitoring, detection, and automation of critical endpoint security tasks, there are some simple steps you should be taking – with or without an endpoint security solution in place. Let’s look at five ways to simplify the process and keep up with the industry.
1. Find All Endpoints
Compromised endpoints account for the majority of today’s security breaches. In fact, estimates put that number at around 70 percent. If you can’t identify and track your endpoints, it’s virtually impossible to secure them. To address this visibility problem, start with a comprehensive discovery and configuration compliance audit. This process can have multiple steps, but it typically involves:
a) Taking a thorough inventory of all hardware, such as servers, laptops, virtual machines, mobile and networking devices;
b) Ensuring all your systems are configured in line with applicable compliance standards and internal security policies;
c) Continuously monitoring configurations for inappropriate or unwanted changes and mitigating configuration drift as needed. Once this process is complete, you will be in a great place to begin optimizing your security strategy.
2. ABP = Always Be Patching
Managing software updates (and specifically patching endpoints) helps secure an organization from known threats.A recent study showed that 60 percent of breach victims cited a known but unpatched vulnerability, where the patch was available but had not been applied, as the reason for a breach. This lack of action often stems from the sheer volume of emerging attacks combined with the large number of patches being released across today’s IT ecosystem – in other words, the lack of a comprehensive patching strategy. The proliferation of endpoints has resulted in a tidal wave of patch releases over the last 5 years. The reality: staying ahead of threat actors means patching all the time.
3. Stay Current on Innovations
Hackers and threat actors are constantly upgrading their technology and approaches. To stand against them, you and your organization must do the same. Whether utilizing patching, compliance, or security solutions (or better yet, all of those in a single platform), it’s important to regularly evaluate new technology innovations. Advancements around automation, artificial intelligence, machine learning, and more are streamlining endpoint security, reducing false positive rates, and enabling IT and security teams to do more with fewer resources. For example, AI assistants and copilots have taken center stage in recent months. The technology gives organizations the necessary edge and advice they need to carry out complicated tasks or find the right solutions to emerging problems. Applied in a security context, this could improve vulnerability detection, aid and automate patch workflows, even help devices self-heal or self-manage.
4. Be Vigilant
All quality security programs require both a proactive and reactive approach to endpoint vulnerabilities. One key proactive approach is the continual active scanning of network devices to identify weak points, misconfigurations, and vulnerabilities. This means testing for vulnerabilities from both outside and inside the network to ensure robust visibility, which can expose open ports, disabled firewalls, or issues with antivirus. This is also important for companies that need to meet government and industry compliance or regulatory policies. Once vulnerabilities are detected (e.g., missing patches, faulty configuration, or out-of-compliance devices) they must be remediated quickly. Finding an endpoint security solution that integrates with a SOAR (Security, Orchestration, Automation and Response) solution can enable process remediation for large groups of devices without the typical manual workload.
5. Make It a Priority
Endpoint security should be a priority – dare we say even higher priority than the “protect the perimeter” firewall strategy? In many ways, individual endpoints have become the perimeter of the network. But many organizations have yet to come to grips with this reality. Endpoint security doesn’t just protect a business – it preserves its reputation, reassures customers, and streamlines business processes. This demands prioritization, and without it, your endpoint security endeavors will likely fall short. Need executive buy-in? Consider running these facts by leadership: according to IBM’s Cost of a Data Breach 2022 report, a single data breach on a company can cost an average of $9.44 million in the U.S. in 2022. This number is expected to continue increasing every year. Most take between two and four weeks to recover from compromised infrastructure or data breach – oftentimes temporarily slowing down or halting business operations altogether. And this doesn’t even factor in the increased cost of hiring cybersecurity experts to manage the recovery process.
These are only a handful of tips to simply the endpoint protection process and help your organization fortify its security stack. Various solutions are emerging every day in the industry’s bid to consolidate security offerings into a single platform, including compliance, comprehensive endpoint security, and patch management. To truly defend against the intensifying endpoint threat, organizations should take a serious look at implementing these powerful approaches to meet the threat head-on, secure your environment, and reduce the pressure of managing the unknown.